CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-2195
https://notcve.org/view.php?id=CVE-2019-2195
13 Nov 2019 — In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139186193 En la función tokenize del archivo sqlite3_android.cpp, hay una posible sentencia INSERT controlada por el atacante debido a una comprobación de e... • https://source.android.com/security/bulletin/2019-11-01 • CWE-20: Improper Input Validation CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-2193
https://notcve.org/view.php?id=CVE-2019-2193
13 Nov 2019 — In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-132261064 En el archivo WelcomeActivity.java y archivos relacionados, hay una posible omisión... • https://source.android.com/security/bulletin/2019-11-01 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2192
https://notcve.org/view.php?id=CVE-2019-2192
13 Nov 2019 — In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138441555 En la llamada del archivo SliceProvider.java, tiene una posible omisión de permisos debido a una comprobación de entrada inapropiada. Esto podría conllevar a una escalada local de privilegios s... • https://source.android.com/security/bulletin/2019-11-01 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2183
https://notcve.org/view.php?id=CVE-2019-2183
11 Oct 2019 — In generateServicesMap of RegisteredServicesCache.java, there is a possible account protection bypass due to a caching optimization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-136261465 En la función generateServicesMap del archivo RegisteredServicesCache.java, se presenta una posible omisión de protección de cuenta debido a una optimización de alma... • https://source.android.com/security/bulletin/pixel/2019-10-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2187
https://notcve.org/view.php?id=CVE-2019-2187
11 Oct 2019 — In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143 En la función nfc_ncif_decode_rf_params del archivo nfc_ncif.cc, se presenta una posible lectura fuera de límites debido a un desbord... • https://source.android.com/security/bulletin/2019-10-01 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2114
https://notcve.org/view.php?id=CVE-2019-2114
11 Oct 2019 — In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348 En los privilegios predeterminados de NFC, se presenta una posible omisión local de los requisitos de inte... • https://source.android.com/security/bulletin/2019-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2110
https://notcve.org/view.php?id=CVE-2019-2110
11 Oct 2019 — In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a secure screen due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9Android ID: A-69703445 En la función ScreenRotationAnimation del archivo ScreenRotationAnimation.java, se presenta una posible captura de una pantalla segura debido a una falta de comprobació... • https://source.android.com/security/bulletin/2019-10-01 • CWE-862: Missing Authorization •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2186
https://notcve.org/view.php?id=CVE-2019-2186
11 Oct 2019 — In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447 En la función GetMBheader del archivo combine_decode.cpp, se presenta una posible escritura fuera de límites debido a una falta de comprobación de ... • https://source.android.com/security/bulletin/2019-10-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2185
https://notcve.org/view.php?id=CVE-2019-2185
11 Oct 2019 — In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699 En la función VlcDequantH263IntraBlock_SH del archivo vlc_dequant.cpp, se presenta una posible escritura fuera de límites debido a una ... • https://source.android.com/security/bulletin/2019-10-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2184
https://notcve.org/view.php?id=CVE-2019-2184
11 Oct 2019 — In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122 En la función PV_DecodePredictedIntraDC del archivo dec_pred_intra_dc.cpp, se presenta una posible escritura fuera de límites debido a una fal... • https://source.android.com/security/bulletin/2019-10-01 • CWE-787: Out-of-bounds Write •